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RISK MANAGEMENT PHILOSOPHY 


Cape Agulhas Municipality is committed to the optimal management of risks in order to 
achieve our vision, deliver on our core business and key objectives. 

In the course of conducting our day-to-day business operations, we are exposed to a variety 
of risks. These risks include operational and other risks that are material and require 
comprehensive controls and on-going oversight. 

To ensure business success we have adopted an enterprise-wide integrated approach to the 
management of risks. By embedding the risk management process into key business 
processes such as planning, operations and new projects, we will be better equipped to 
identify events affecting our objectives and to manage risks in ways that are consistent with 
the approved risk appetite. 

To further implement the enterprise-wide approach, we have taken a number of steps to 
reinforce a culture of disciplined risk-taking. 

Council is responsible for oversight of the risk management process and has delegated its 
day-to-day implementation to the Accounting Officer. The Accounting Officer, who is 
accountable for the overall governance of the municipality’s risks, has delegated this role to 
the Chief Risk Officer (CRO) and Management. The CRO will ensure that the framework is 
implemented and that council and the Risk Management Committee (RMC) receive 
appropriate reporting on the municipality’s risk profile and risk management process. 
Management will execute their responsibilities outlined in the Risk Management Strategy. All 
other officials are responsible for incorporating risk management into their day-to-day 
activities. 

As the Accounting Officer of Cape Agulhas Municipality, council and I are responsible for 
enhancing corporate governance within the municipality and to ensure that appropriate 
focus is placed on important tasks. 


ACCOUTING OFFICER 
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1. OVERVIEW 


1.1. Introduction 

The Accounting Officer has committed Cape Agulhas Municipality to implementing and 
maintaining an effective, efficient and transparent system of risk management. The process 
of risk management is aligned to the principles as set out in the King III Report on Governance 
for South Africa and as supported by the Municipal Finance Management Act (MFMA), Act 
no.56 of 2003. 

1.2. Purpose 

Through this policy Cape Agulhas Municipality puts into practice its commitment to 
implement risk management and embed a culture of risk management within the 
municipality. This policy forms the basis for the accompanying Risk Management Strategy 
which is designed to help achieve the objective of implementing an effective Enterprise Risk 
Management (ERM) process. 

1.3. Scope 

The scope of this policy applies throughout Cape Agulhas Municipality in as far as risk 
management is concerned. 

1.4. Background 

1.4.1. Legislative Mandate 

Section 62(l)(c)(i) and 95(c)(i) of the MFMA states that: "... The accounting officer of the 
municipality and municipal entity is responsible for managing the financial administrafion of 
the municipality, and must for this purpose take all reasonable steps to ensure that the 
municipality has and maintains effective, efficient and transparent systems of financial and 
risk management and internal control.” 

1.4.2. Objectives of Risk Management 

The objectives of risk management are to assist Management in making more informed 
decisions which: 

• provide a level of assurance that current significant risks are effectively managed; 

• improve operational performance by assisting and improving decision making and 
planning; 
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• promote a more innovative, less risk averse culture in which the taking of calculated 
risks in pursuit of opportunities, to benefit the Municipality, is encouraged; and 

• provide a sound basis for integrated risk management and internal control as 
components of good corporate governance. 

1.4.3. Benefits of Risk Management 

The risk management process can make major contributions towards helping the 
municipality achieve its objectives. The benefits include: 

• more sustainable and reliable delivery of services; 

• enhance decision making underpinned by appropriate rigour and analysis; 

• reduced waste; 

• prevention of fraud and corruption; 

• fewer surprises and crises; 

• help avoid damage to the municipality’s reputation and image; 

• helps ensure effective reporting and compliance with laws and regulations; 

• better value for money through more efficient use of resources; and 

• better outputs and outcomes through improved project and programme 
management. 

1.4.4. Risk, Risk Management and Enterprise Risk Management 

Risk is an uncertain future event that could influence the achievement of the Municipality’s 
strategic and business objectives. 

Risk Management is a systematic and formalised process instituted by the Municipality to 
identify, assess, manage, monitor and report risks to ensure the achievement of objectives. 

Enterprise Risk Management is a process, effected by the Municipality Accounting Officer, 
Management and other personnel, applied in strategy setting and across the enterprise, 
designed to identify potential events that may affect the Municipality, and manage risks to 
be within its risk appetite, to provide reasonable assurance regarding the achievement of the 
Municipality’s objectives. 

2. ROLES AND RESPONSIBILITIES 

Every person within Cape Agulhas Municipality has a role to play in the risk management 
process. The primary responsibility for identifying and managing risks lies with Management. 
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2.1. Risk Management Oversight 


2.1.1. Executive Authority (Council) 

Council takes an interest in risk management to the extent necessary to obtain comfort that 
properly established and functioning systems of risk management are in place to protect 
Cape Agulhas Municipality against significant risks. 

2.1.2. Audit Committee 

The Audit Committee (AC) is an independent committee responsible for oversight of the 
municipality’s control, governance and risk management. The responsibilities of the AC with 
regard to risk management are formally defined in its charter. The AC primary responsibility is 
providing an independent and objective view of the effectiveness of the municipality's risk 
management process. 

2.1.3. Risk Management Committee 

The RMC is appointed by the Accounting Officer to assist in the discharge of his/her risk 
management responsibilities. The committee’s role is to review the risk management progress 
and maturity of the Municipality, the effectiveness of risk management activities, the key risks 
facing the Municipality and the responses to address these key risks. The responsibilities of the 
RMC are formally defined in its charter. 

2.2. Risk Management Implementers 

2.2.1. Accounting Officer 

The Accounting Officer is ultimately responsible for risk management within the municipality. 
By setting the tone at the top, the Accounting Officer promotes accountability, integrity and 
other factors that will create a positive control environment. 

2.2.2. Management 

All other levels of management support the municipality’s risk management philosophy 
promote compliance with the risk appetite and manage risks within their areas of 
responsibility. 

2.2.3. Other Officials 

Other officials are responsible for integrating risk management into their day-to-day activities 
i.e. by ensuring conformance with controls. 
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2.3. Risk Management Support 


2.3.1. Chief Risk Officer 

The CRO is the custodian of the Risk Management Strategy and the coordinator of ERM 
activities throughout Cape Agulhas Municipality. The primary responsibility of the CRO is to 
use his/her specialist expertise to assist the municipality to embed ERM and leverage its 
benefits to enhance performance. 

2.3.2. Risk Champion 

A Risk Champion would generally hold a senior position within the Municipality and possess 
skills, knowledge and leadership qualities required to champion a particular aspect of risk 
management. The Risk Champions primary responsibility is advising on, formulating, 
overseeing and managing all aspects of a Municipality’s risk management system. The Risk 
Champion monitors the Municipality’s entire risk profile, ensuring that major risks are identified 
and reported upwards. 

2.4. Risk Management Assurance Providers 

2.4.1. Internal Audit 

The core role of Internal Audit in risk management is to provide an independent, objective 
assurance to council and the Audit Committee on the effectiveness of risk management. 
Internal Audit also assists in bringing about a systematic, disciplined approach to evaluate 
and improve the effectiveness of the entire system of risk management and provide 
recommendations for improvement where necessary. 

2.4.2. External Audit 

The External Auditor (Auditor-General OF South Africa) is required by section 188 of the 
Constitution of the Republic of South Africa, 1996 and section 4 of the Public Audit Act of 
South Africa, 2004 (Act No. 25 of 2004) (PAA), to express an opinion on the Municipality’s 
financial statements based on his audit. 

3. RISK MANAGEMENT PROCESS 

The risk management process consists of eight (8) components. 
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Figure 1: Risk Management Process 


3.1. Internal Environment 

The internal environment encompasses the tone of Cape Agulhas Municipality, influencing 
the risk consciousness of its people. It is the foundation for all other components of risk 
management, providing discipline and structure. 

3.2. Objective Setting 

Objectives are set at the strategic level, establishing a basis for operations, reporting, and 
compliance objectives. Objectives are to be aligned with the Municipality’s risk appetite. 

3.3. Event Identification 

Event identification is the process of identifying potential events affecting Cape Agulhas 
Municipality’s ability to successfully implement strategy and achieve objectives. 

3.4. Risk Assessment 

Risk assessments allow the municipality to consider the extent to which potential events might 
have an impact on the achievement of objectives. Management should assess events from 
two perspectives impact and likelihood and normally uses the quantitative method i.e. risk 
rating scales for both the inherent and residual basis. 
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3.5. Risk Response 


Having assessed relevant risks, management determines how it will respond. Responses 
include risk avoidance, reduction, sharing and acceptance. 

3.6. Control Activities 

Control activities are the policies and procedures that help ensure that management’s risk 
responses are carried out. Control activities occur throughout the municipality, at all levels 
and in all functions. They include a range of activities as diverse as approvals, authorisations, 
verifications, reconciliations, reviews of operating performance, security of assets and 
segregation of duties. 

3.6.1. Risk Appetite 

The term “risk appetite" can be defined as the acceptable level or amount of risk that the 
municipality is willing to accept, before action is needed to reduce it. 

Cape Agulhas Municipality has set its risk appetite level at a risk grading of 13 (out of a 
maximum of 25). This implies that that all risks, strategic and operational, with a grading of 14 
or higher will be addressed each year. However, the Municipality’s risk appetite will be 
reassessed on a yearly basis, based on the annual risk assessment exercise results and 
adjusted if required. The ultimate goal is to reduce the risk level of the Municipality to 
acceptable levels. 

The Municipality has committed itself to aggressively pursue managing risks to be within its risk 
appetite to avoid exposures to losses and to manage actions that could have a negative 
impact on the reputation of the municipality. 

3.7. Information and Communication 

Pertinent information is identified, captured and communicated in a form and timeframe 
that enable people to carry out their responsibilities. Effective communication also occurs, 
flowing down, across and up in the municipality. All personnel receive a clear message from 
top management that risk management responsibilities must be taken seriously. They 
understand their own role in risk management, as well as how individual activities relate to 
the work of others. They must have a means of communicating significant information 
upstream. There is also effective communication with external parties. 
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3.8. Monitoring 


Monitoring risk management is a process that assesses the presence and functioning of its 
components over time. This is accomplished through on-going monitoring activities, separate 
evaluations or a combination of the two. On-going monitoring occurs in the normal course of 
management activities. The scope and frequency of separate evaluations will depend 
primarily on an assessment of risks and the effectiveness of on-going monitoring procedures. 

4. REPORTING 

The following minimum reports will be compiled and presented to council, Audit Committee 
and the RMC: 

• A summary of risk broken down into operating units. 

• A summary of existing gaps in the capabilities for managing significant risks. 

• A report of emerging issues or risks that requires immediate attention. 

• Integrated reporting and disclosure (Combined Assurance) 

5. POLICY REVIEW 

This policy shall be reviewed annually to reflect the current stance on risk management within 
the Cape Agulhas Municipality. 
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GLOSSARY OF TERMS 


Event - An incident or occurrence from internal or external sources that affects the 
achievement of Cape Agulhas Municipality’s objectives. 

Impact - A result or effect of and event. The impact of an event can be positive or negative. 
A negative event is termed a “risk". 

Inherent - The risks to Cape Agulhas Municipality in the absence of any actions management 
might take to alter either the risk’s impact or likelihood. In other words the impact that the risk 
will have on the achievement of objectives if the current controls that are in place are not 
considered. 

Likelihood / Probability - The probability of the event occurring. 

Operations - used with “objectives”, having to do with the effectiveness and efficiency of the 
municipality’s activities, including performance and safeguarding resources against loss. 

Priority / Key Risks - Risks that are rated high on an inherent level. Risks that need to be acted 
upon. Risks that possess a serious threat to the municipality. 

Project Risks - Risks that are identified for all major projects, covering the whole lifecycle and 
for long-term projects. 

Residual - The remaining exposure after the controls/treatments has been taken into 
consideration. (The remaining risk after management has put in place measures to control 
the inherent risk). 

Risk Owner - The person responsible for managing a particular risk. 

Risk Profile / Register - Also known as the risk register. The risk profile will outline the number of 
risks, type of risk and potential effects of the risk. This outline will allow the municipality to 
anticipate additional costs or disruptions to operations. Also describes the willingness of a 
company to take risks and how those risks will affect the operational strategy of the 
municipality. 

Risk Response - Management develop strategies to reduce or eliminate the threats and 
events that create risks. 

Stakeholders - Parties that are affected by the Municipality, such as the communities in which 
the Municipality operates, employees, suppliers etc. 
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Strategic - used with “objectives”, it has to do with high-level goals that are aligned with and 
support the Municipality’s mission or vision. 

Mitigation / Treatment - After comparing the risk score (severity rating = impact X likelihood) 
with the risk tolerance, risks with unacceptable levels of risk will require treatment plans 
(additional action to be taken by management) 
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